A Study of Security Rule Management for Misuse Intrusion Detection Systems using Mobile Agent

A Study on Security Rule Management Using Mobile Agents in Misuse Intrusion Detection Systems

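  • 김태경 (School of Information and Communication Engineering, Graduate School, Sungkyunkwan University) ;
  • 이동영 (Department of Information and Communication, Myongji College) ;
  • 정태명 (School of Information and Communication Engineering, Sungkyunkwan University)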
  • Published : 2003.10.01

Abstract

This paper describes intrusion detection rule management using mobile agents. Intrusion detection can be divided into anomaly detection and misuse detection. Misuse detection is best suited for reliably detecting known use patterns. Misuse detection systems can detect many or all known attack patterns, but they are of little use against as yet unknown attack methods. Therefore, the introduction of mobile agents, which provide computational security by constantly moving around the Internet and propagating rules, is presented as a solution to this limitation of misuse detection. This work presents a new approach for detecting intrusions, in which mobile agent mechanisms are used for security rule propagation. To evaluate the proposed approach, we compared the workload data of a rule propagation method using a mobile agent with that of a conventional method. We also simulated rule management using NS-2 (Network Simulator) with respect to time.

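This paper presents a method for managing security rules using mobile agents. Intrusion detection systems (IDS) can be divided, based on the intrusion detection model, into anomaly detection and misuse detection. Misuse detection can detect attacks that use known attack methods and system vulnerabilities, but it has the drawback that it cannot detect new, unknown attacks. This paper therefore proposes, as a way to address this drawback of misuse detection, a method for securely managing security rules using mobile agents that continuously move across the Internet. Managing security rules with such a mobile agent mechanism is a new attempt in the field of intrusion detection. To demonstrate the validity of managing security rules with mobile agents, we compared its workload data with that of the conventional method using formulas, and ran a simulation with respect to time using NS-2 (Network Simulator).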
